Update Boot Image with CU Article 14

windows/deployment/images/icons/command-prompt.svg

@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048">
+  <path d="M2048 128v1664H0V128h2048zM128 256v128h1792V256H128zm1792 1408V512H128v1152h1792zm-528-896l257 640h-91l-257-640h91zm-656 76q-53 0-96 16t-74 48-48 78-17 106q0 55 15 100t45 76 73 49 98 17q35 0 69-7t58-18l16 62q-22 11-63 19t-96 9q-63 0-117-20t-95-58-62-95-23-131q0-70 23-128t64-100 99-65 128-23q57 0 92 9t51 18l-19 63q-22-11-52-18t-69-7zm288 52h128v128h-128V896zm0 256h128v128h-128v-128z" />
+</svg>

windows/deployment/images/icons/powershell-color-18.svg

@@ -0,0 +1,20 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
+  <defs>
+    <linearGradient id="a24f9983-911f-4df7-920f-f964c8c10f82" x1="9" y1="15.834" x2="9" y2="5.788" gradientUnits="userSpaceOnUse">
+      <stop offset="0" stop-color="#32bedd" />
+      <stop offset="0.175" stop-color="#32caea" />
+      <stop offset="0.41" stop-color="#32d2f2" />
+      <stop offset="0.775" stop-color="#32d4f5" />
+    </linearGradient>
+  </defs>
+  <title>MsPortalFx.base.images-10</title>
+  <g id="a7ef0482-71f2-4b7e-b916-b1c754245bf1">
+    <g>
+      <path d="M.5,5.788h17a0,0,0,0,1,0,0v9.478a.568.568,0,0,1-.568.568H1.068A.568.568,0,0,1,.5,15.266V5.788A0,0,0,0,1,.5,5.788Z" fill="url(#a24f9983-911f-4df7-920f-f964c8c10f82)" />
+      <path d="M1.071,2.166H16.929a.568.568,0,0,1,.568.568V5.788a0,0,0,0,1,0,0H.5a0,0,0,0,1,0,0V2.734A.568.568,0,0,1,1.071,2.166Z" fill="#0078d4" />
+      <path d="M4.292,7.153h.523a.167.167,0,0,1,.167.167v3.858a.335.335,0,0,1-.335.335H4.125a0,0,0,0,1,0,0V7.321a.167.167,0,0,1,.167-.167Z" transform="translate(-5.271 5.967) rotate(-45.081)" fill="#f2f2f2" />
+      <path d="M4.32,9.647h.523a.167.167,0,0,1,.167.167v4.131a0,0,0,0,1,0,0H4.488a.335.335,0,0,1-.335-.335v-3.8a.167.167,0,0,1,.167-.167Z" transform="translate(-0.504 23.385) rotate(-135.081)" fill="#e6e6e6" />
+      <rect x="7.221" y="12.64" width="4.771" height="1.011" rx="0.291" fill="#f2f2f2" />
+    </g>
+  </g>
+</svg>

windows/deployment/images/icons/powershell.svg

@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048">
+  <path d="M0 128h2048v1664H0V128zm1920 128H128v128h1792V256zM128 1664h1792V512H128v1152zm768-128v-128h640v128H896zM549 716l521 372-521 372-74-104 375-268-375-268 74-104z" />
+</svg>

windows/deployment/update-boot-image.md

@@ -53,25 +53,23 @@ Note about Windows Server 2012 R2
 
 ## Step 1: Download and install ADK
 
-- Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
+1. Download and install the **Windows Assessment and Deployment Kit (Windows ADK)** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
 
-- Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). Make sure to download and install both components.
+1. Download and install the **Windows PE add-on for the Windows ADK** from [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). Make sure to download and install both components.
 
-- It's strongly recommended to download and install the latest version of the ADK.
+It's strongly recommended to download and install the latest version of the ADK. When installing the Windows ADK, it's only necessary to install the **Deployment Tools**.
 
-- When installing the Windows ADK, it's only necessary to install the **Deployment Tools**.
-
-- The paths in this article assume the Windows ADK was installed to the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths accordingly.
+The paths in this article assume the Windows ADK was installed to the default location of `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit`. If the Windows ADK was installed to a different location, then adjust the paths accordingly.
 
 ## Step 2: Download cumulative update (CU)
 
-- Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated.
+1. Go to the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site and search for the latest cumulative update for the version of Windows that matches the version of Windows PE that was downloaded in [Step 1](#step-1-download-and-install-adk) or the version of the Windows PE boot image that will be updated.
 
-- When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"<year>-<month> cumulative update for windows <x>"` where `year` is the four digit current year, `<month>` is the two digit current month, and `<x>` is the version of Windows that Windows PE is based on. For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
+1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"<year>-<month> cumulative update for windows <x>"` where `year` is the four digit current year, `<month>` is the two digit current month, and `<x>` is the version of Windows that Windows PE is based on. For example, to search for the latest cumulative update for Windows 11 in July 2023, use the search term `"2023-07 cumulative update for windows 11"`. If the cumulative update hasn't been released yet for the current month, then search on the previous month.
 
-- Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems" version of the update.
+1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
 
-- Store the downloaded cumulative update in a known location for later use.
+1. Store the downloaded cumulative update in a known location for later use.
 
 > [!TIP]
 >
@@ -81,7 +79,7 @@ Note about Windows Server 2012 R2
 
 ## Step 3: Backup existing boot image
 
-- Before modifying the desired boot image, make a backup copy of the boot image. For example,
+Before modifying the desired boot image, make a backup copy of the boot image. For example:
 
 - For the boot image included with the **Windows PE add-on for the Windows ADK**, the boot image is located at `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim`.
 
@@ -89,17 +87,17 @@ Note about Windows Server 2012 R2
 
 ## Step 4: Mount boot image to temporary mount folder
 
-- Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
+Create a new empty empty folder to mount the boot image to. For example, `C:\Mount`.
 
-### [**PowerShell**](#tab/powershell)
+### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell)
 
 ```powershell
 Mount-WindowsImage -Path "<Mount_folder_path>" -ImagePath "<Boot_image_path>\<boot_image>.wim" -Index 1 -Verbose
 ```
 
-For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage)
+For more information, see [Mount-WindowsImage](/powershell/module/dism/mount-windowsimage).
 
-### [**Command Line**](#tab/command-line)
+### [:::image type="icon" source="images/icons/command-prompt.svg"::: **Command Line**](#tab/command-line)
 
 ```cmd
 DISM.exe /Mount-image /imagefile:"<Boot_image_path>" /Index:1 /MountDir:"<Mount_folder_path>"
@@ -111,19 +109,23 @@ For more information, see [Modify a Windows image using DISM: Mount an image](/w
 
 ## Step 5: Add drivers to boot image
 
-- If needed, add any drivers to the boot image.
+If needed, add any drivers to the boot image:
 
-### [**PowerShell**](#tab/powershell)
+### [:::image type="icon" source="images/icons/powershell-color-18.svg"::: **PowerShell**](#tab/powershell)
 
 ```powershell
 Command to be determined
 ```
 
-### [**Command Line**](#tab/command-line)
+### [:::image type="icon" source="images/icons/command-prompt.svg"::: **Command Line**](#tab/command-line)
 
 ```cmd
 DISM.exe /Image:"<Mount_folder_path>" /Add-Driver /Driver:"<Dirver_INF_source_path>\<driver>.inf"
+```
 
+or
+
+```cmd
 DISM.exe /Image:"<Mount_folder_path>" /Add-Driver /Driver:"<Dirvers_source_path" /Recurse
 ```
 
@@ -137,43 +139,52 @@ For more information, see [Add and Remove Driver packages to an offline Windows
 
 ## Step 6: Add optional components to boot image
 
-- Add any desired optional components to the boot image.
-- The below examples assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+1. Add any desired optional components to the boot image:
 
-### [**PowerShell**](#tab/powershell)
+  ### [:::image type="icon" source="images/icons/powershell-16.png"::: **PowerShell**](#tab/powershell)
 
   ```powershell
   Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Component>.cab" -Path "<Mount_folder_path>" -Verbose
   ```
 
+  This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+
   For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage).
 
-### [**Command Line**](#tab/command-line)
+  ### [:::image type="icon" source="images/icons/command-prompt-16.png"::: **Command Line**](#tab/command-line)
 
   ```cmd
   DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Component>.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\<Component2>.cab"
   ```
 
----
+  This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
 
-You can add as many desired optional components as needed on a single DISM.exe command line.
+  You can add as many desired optional components as needed on a single **DISM.exe** command line.
 
   For more information, see [Add or Remove Packages Offline Using DISM](/windows-hardware/manufacture/desktop/add-or-remove-packages-offline-using-dism) and [DISM Operating System Package (.cab or .msu) Servicing Command-Line Options: /Add-Package](/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options#add-package).
 
-- Make sure that after adding the optional component to also add the language specific component for that optional component. For example, for English United States (en-us), add the following:
+  ---
 
-### [**PowerShell**](#tab/powershell)
+1. Make sure that after adding the optional component to also add the language specific component for that optional component. This needs to be done for every optional component that is added to the boot image.
+
+  For example, for English United States (en-us), add the following:
+
+  ### [:::image type="icon" source="images/icons/powershell-24.png"::: **PowerShell**](#tab/powershell)
 
   ```powershell
   Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\<Component>_en-us.cab" -Path "<Mount_folder_path>" -Verbose
   ```
 
-### [**Command Line**](#tab/command-line)
+  This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+
+  ### [:::image type="icon" source="images/icons/command-prompt-24.png"::: **Command Line**](#tab/command-line)
 
   ```cmd
   DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\<Component>_en-us.cab" /PackagePath:"C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\<Component2>_en-us.cab"
   ```
 
+  This example assumes an x64 boot image. If a different architecture is being used, then adjust the commands accordingly.
+
   You can add as many desired optional components as needed on a single DISM.exe command line.
 
   ---
@@ -195,9 +206,9 @@ You can add as many desired optional components as needed on a single DISM.exe c
 
 ## Step 7: Add cumulative update (CU) to boot image
 
-- Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image.
+Apply the cumulative update (CU) downloaded earlier in the walkthrough to the boot image:
 
-### [**PowerShell**](#tab/powershell)
+### [:::image type="icon" source="images/icons/powershell-32.png"::: **PowerShell**](#tab/powershell)
 
 ```powershell
 Add-WindowsPackage -PackagePath "<Path_to_CU_MSU_update>" -Path "<Mount_folder_path>" -Verbose
@@ -205,7 +216,7 @@ Add-WindowsPackage -PackagePath "<Path_to_CU_MSU_update>" -Path "<Mount_folder_p
 
 For more information, see [Add-WindowsPackage](/powershell/module/dism/add-windowspackage)
 
-### [**Command Line**](#tab/command-line)
+### [:::image type="icon" source="images/icons/command-prompt-32.png"::: **Command Line**](#tab/command-line)
 
 ```cmd
 DISM.exe /Image:"<Mount_folder_path>" /Add-Package /PackagePath:"<Path_to_CU_MSU_update>"
@@ -221,8 +232,7 @@ For more information, see [Add or Remove Packages Offline Using DISM](/windows-h
 
 ## Step 8: Copy boot files from mounted image to ADK installation path
 
-- Copy the updated bootmgr files from the updated boot image to the ADK installation path.
-- This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+Copy the updated bootmgr files from the updated boot image to the ADK installation path:
 
 ### [**PowerShell**](#tab/powershell)
 
@@ -240,9 +250,11 @@ Command to be determined
 
 ---
 
+This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr files are available to the ADK when creating bootable media. In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+
 ## Step 9: Perform component cleanup
 
-- Run DISM.exe commands that will clean up the mounted image and help reduce its size
+Run **DISM.exe** commands that will clean up the mounted image and help reduce its size:
 
 ### [**PowerShell**](#tab/powershell)
 
@@ -266,7 +278,7 @@ For more information, see [Modify a Windows image using DISM: Reduce the size of
 
 ## Step 10: Verify all desired packages have been added to boot image
 
-- After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed.
+After the optional components and the cumulative update (CU) have been applied to the boot image, verify that they are showing as installed:
 
 ### [**PowerShell**](#tab/powershell)
 
@@ -310,7 +322,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
 
 ## Step 12: Export boot image to reduce size
 
-- Once the boot image has been unmounted and saved, its size can be further reduced by exporting it.
+1. Once the boot image has been unmounted and saved, its size can be further reduced by exporting it:
 
   ### [**PowerShell**](#tab/powershell)
 
@@ -330,7 +342,7 @@ For more information, see [Modify a Windows image using DISM: Reduce the size of
 
   ---
 
-- Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
+1. Once the export has completed, delete the original boot image and then rename the exported boot image with the name of the original boot image.
 
 ## Considerations for Microsoft Configuration Manager